Date: Fri, 14 Jan 2000 03:10:09 -0500 (EST) From: Mike Nowlin <mike@argos.org> To: Frank Bonnet <bonnetf@bart.esiee.fr> Cc: freebsd-net@FreeBSD.ORG Subject: Re: IP address abuse ... Message-ID: <Pine.LNX.4.05.10001140250430.32763-100000@jason.argos.org> In-Reply-To: <200001111057.LAA17219@bart.esiee.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
> Our primary DNS runs FreeBSD and we are facing > a boring problem , some stupid student has > put the same IP address than the DNS on a Linux (mandrake) > machine , then our FreeBSD said "someone has taken my IP address" > and stop to serve our LAN ... Execute him. Violently. Lots of blood and guts. > Is it possible with FreeBSD to avoid such trouble ? > ( arpwatch is running on this machine ) Without trying this (not willing to screw up any networks right now with the amount of brain-numbing liquid in my system at the current time), I'd imagine you could side-step around the problem with one of the following: 1) a static arp entry on the FBSD box that tells it where a certain IP address should be (yours). 2) Possibly (?) an IPFW rule something like "deny udp from 10.1.1.1 in via fxp0" to keep your system from seeing anything coming in through fxp0 with your IP address. (Depending on where in the tree the IPFW rules are applied, it may also prevent your machine from seeing itself on that IP address -- Linux does have some problems with this, and I haven't tested how FBSD handles it.) 3) If you're on some sort on intelligently-switched network, you should be able to smack down any packets coming from his ethernet address. If the switch is really smart, you can kill packets on an IP/Port level, and keep him from sending anything out on port 53, either TCP or UDP with a given source/dest IP address, while still allowing him to telnet to the "daytime" port on the local HPUX machine. (Someone else posted:) >So stick with the sledgehammer. I don't think there is one in the ports >collection, but you should be able to get one from a local hardware >store! Or the sledge that I have symbolically sitting next to my desk -- yes, I have used it on a couple of old TRS-80 CoCo's... It was fun..... :) (And someone else posted:) >The student is disrupting network services. Don't you have a policy to >deal with this? (Perhaps expulsion from school if he won't change the >IP.) Just threaten him with legal action. Disrupting systems is usually a very serious offense, especially with government-funded schools. If that doesn't work, a few well-planned words passed to a couple of local fraternities can work nicely.... :) --mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.10001140250430.32763-100000>